Re: Segfault calling dlopen()'ed executable built with -pie and using TLS

[Cary Coutant <ccoutant at gmail dot com>]

> When I build a binary with -pie, the linker produces an ELF file with
> ET_DYN in header. So it is pretty much explicitly "a shared library",
> I guess...

Not really. There has been discussion about whether PIE executables
should be ET_EXEC or ET_DYN, and it seems to have come down to ET_DYN
for the reason that a PIE executable requires the dynamic loader. What
distinguishes an executable from a shared library is the presence of
an entry point.

> Either way, is there any way to tell the linker not to do these things
> and instead produce just a shared library with an entry point?

In theory, I think you could build a shared object that has an entry
point so it could act as an executable, but you'd need to build some
startup files that don't currently exist. For a binary to act as an
executable, it needs an entry point, but the entry point is not "main"
-- it's "_start", defined in crt1.o, which performs a bunch of runtime
initialization before actually calling "main". The crt1.o that comes
with your compiler probably has non-PIC code in it, so you can't link
it into a shared library.

If you wanted to do this strongly enough, you could rewrite the C
runtime startup code in crt1.o (and probably also crt0.o, crtbegin.o,
and others) to be PIC, then link your payload with those startup files
instead of the standard ones, and the -shared option. Since I haven't
tried this, I'm not quite sure whether the dynamic loader would be
happy with the result, but it also could probably be modified if
necessary.

Bottom line, what you're asking for is theoretically possible, but not
currently supported.

-cary